This treaty is supposed to supersede the Budapest Convention. The Budapest Convention is explicitly in favor of data privacy (a number of it's data privacy norms influenced the GDPR).
Either data collection mandates are left to individual states or the same deadlock that happened with the Budapest Convention would happen again.
> it would be better to have no convention at all
Then you're left with the status quo that every nation that isn't a party of the Budapest Convention can use 3rd party groups to hack a rival, which leads to chaos.
What is wrong with this? This seems extremely obvious. The fact that you do not mention this option in your original post seems almost disingenuous. Unless you meant to address it in the 'unless we want to end up forming regionalized "internets"' line? Although leaving the entire meat of your argument to one unexplained line isn't great either. And even then I don't see how the lack of mandating data collection would result in regionalized internets. So far I can access websites in Russia or South Korea just fine despite this point. And in any case you can create a regionalized internet even if all these rules are followed. See China and north korea.
>you're left with the status quo that every nation that isn't a party of the Budapest Convention can use 3rd party groups to hack a rival, which leads to chaos.
US, China, Russia and North Korea will continue to hack each other, no matter the outcome of this UN Convention. Even ignoring that point it is still strictly much better to have hacking than have globally mandated data collection